How SCL Enforces Deterministic Identity in AI Run Declarations
SCL is the deterministic, cryptographic identity protocol for AI run declarations.
SCL enforces deterministic identity by eliminating all sources of variation in parsing, validation, and failure behavior. Identical input bytes always produce identical canonical JSON bytes and identical SHA-256 identity across all compliant implementations. Identical invalid inputs always produce identical deterministic failure output.
See canonical JSON rules for the representation layer. See SHA-256 identity derivation for the hashing layer.
This page defines the enforcement layer of the deterministic identity protocol. It does not define representation or hashing rules.
Deterministic Parsing in the Identity Protocol
SCL parsing is deterministic and non-recoverable. The parser processes input bytes sequentially under frozen grammar rules. There is no lookahead, no backtracking, and no error recovery. Every valid input produces exactly one parse result. Every invalid input halts at the first failure.
No implementation-defined behavior is permitted. Two independent parsers processing the same bytes must produce identical results.
Strict Grammar Enforcement (SCL:V1)
The SCL:V1 grammar defines exactly three components in mandatory order: header, handles block, and scl block. The grammar is frozen and does not permit extensions, optional sections, or implementation-defined behavior.
This rigidity is intentional. It ensures that no parser can produce a valid result that another parser would reject, and no valid input can be interpreted in more than one way.
Byte-Level Validation Guarantees
Validation operates at the byte level, not the character or string level. Offsets, boundaries, and delimiters are defined in bytes. Error reporting references byte positions.
Forbidden bytes include CR and TAB at any position. UTF-8 encoding is enforced strictly. No normalization, no encoding conversion, and no platform-specific string handling is tolerated.
This eliminates an entire class of ambiguity that would otherwise produce different identities across implementations.
Deterministic Failure Behavior
Invalid input does not produce partial identity. Validation halts at the first error, reports the byte offset, and produces no canonical JSON and no SHA-256 identity.
There is no fallback, no approximation, no partial output, and no multi-error reporting. Identical invalid inputs produce identical error responses across all compliant implementations.
This means failure behavior is also deterministic — not just success behavior.
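The byte-level checks and first-error halt described above, as an added Python example that is not the SCL reference engine or specification code. It covers only the rules this page names (CR, TAB, strict UTF-8) and not the SCL:V1 grammar; the error codes, the `Failure` type and the function names are hypothetical, and Python's strict UTF-8 decoder stands in for the specification's UTF-8 rules.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical error codes: the page does not give SCL:V1's error format.
ERR_FORBIDDEN_BYTE = "FORBIDDEN_BYTE"
ERR_INVALID_UTF8 = "INVALID_UTF8"
FORBIDDEN = {0x0D: "CR", 0x09: "TAB"}  # the forbidden bytes the page names


@dataclass(frozen=True)
class Failure:
    code: str
    offset: int  # byte offset (not character index) of the first bad byte
    detail: str


def first_utf8_error(data: bytes) -> Optional[int]:
    """Byte offset where strict UTF-8 decoding first fails, or None."""
    try:
        data.decode("utf-8", errors="strict")
    except UnicodeDecodeError as exc:
        return exc.start
    return None


def check_bytes(data: bytes) -> Optional[Failure]:
    """Return exactly one failure (the earliest by byte offset) or None."""
    bad_utf8 = first_utf8_error(data)
    # CR and TAB are ASCII, so they never coincide with a UTF-8 error offset;
    # only forbidden bytes that occur before that offset can be the first error.
    limit = len(data) if bad_utf8 is None else bad_utf8
    for offset in range(limit):
        name = FORBIDDEN.get(data[offset])
        if name is not None:
            return Failure(ERR_FORBIDDEN_BYTE, offset, name)
    if bad_utf8 is not None:
        return Failure(ERR_INVALID_UTF8, bad_utf8, f"0x{data[bad_utf8]:02X}")
    return None


if __name__ == "__main__":
    # Constructed inputs (arbitrary bytes, not real SCL:V1 documents).
    samples = [b"alpha\nbeta\n", b"alpha\r\nbeta\n", b"caf\xc3\xa9\tx",
               b"ok\xc3(\tz", b"\xc0\xaf"]
    for sample in samples:
        print(sample, "->", check_bytes(sample))
```

The second sample is the first one re-saved with CRLF line endings: it is rejected at byte offset 5 rather than accepted as a variant of the first. The third sample shows why offsets are counted in bytes: the TAB is the fifth character but sits at byte offset 5 because `é` occupies two bytes.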
No Recovery, No Interpretation
SCL does not attempt error recovery. If input is invalid at byte 47, parsing stops at byte 47. It does not skip ahead, does not guess intent, and does not produce a best-effort result.
This is a deliberate enforcement choice. Recovery introduces interpretation. Interpretation introduces variation. Variation destroys deterministic identity.
Enforcement Layer in the Deterministic Identity Protocol
The SCL protocol operates across three independent layers:
- Representation layer — Canonical JSON defines deterministic serialization
- Identity layer — SHA-256 defines identity derivation from canonical JSON bytes
- Enforcement layer — Parsing and validation eliminate all sources of variation
All three layers are required. Without enforcement, deterministic identity cannot be guaranteed.
Specification and Verification
All enforcement rules are defined in the SCL:V1 specification.
The reference engine enforces these rules exactly. There is no interpretation layer between specification and execution.
See also: Why SCL eliminates interpretation.